Is Your Firewall Minding the Shadow IT Gap?

IT executives generally prefer holistic security solutions that solve a wide range of needs. But security startups are now able to quickly develop solutions that close critical security gaps when more specific needs arise: Shadow IT is a perfect example of a specific problem that requires a specific solution. However, the biggest cyber security solutions have little to offer. Gartner recently published a piece called the Top 10 Technologies for Information Security, and #1 was:

You don’t have to be in the security industry to see why this prediction is a no-brainer. CIOs and CISOs don’t want to feel like they are playing whack-a-mole with gaps in their previously purchased security solutions. They expect those existing security solutions to be future-focused, so when needs arise, a simple adjustment or update is all it takes. But for those who want to address Shadow IT, their existing security solutions fall short.

Why are security vendors so far behind?

While the problem of Shadow IT is well known, the scope of the issue has grown quickly, and traditional firewall vendors have been caught off guard. Businesses transitioned from in-house solutions to cloud-based ones in a blink of an eye. This fundamental change in business process also changed the way we must think about cyber security. Perimeter-based solutions aren’t adequate in an interconnected world. Security needs to be inherent in every connection that’s made with cloud apps. As a result, CASB solutions have a completely different business model than their predecessors. Traditional cyber security is hardware based, but many CASBs are API based and often delivered through a SaaS model.

What are security vendors doing to mend the gap?

Despite a few large acquisitions, most cyber security vendors have partnered with smaller startups to provide clients with Shadow IT coverage. However for most customers, buying an additional security solution isn’t very appealing. As a result, CIOs and CISOs who think they’ve covered every security gap probably still have a Shadow IT problem.

Given the multitude of security solutions that pitch to businesses, industry consolidation makes sense and is already underway. 451 Research just published a piece about Cisco’s acquisition of CloudLock that includes this table:

Date announced

Target

Acquirer

Employees

Deal value

June 28, 2016

CloudLock

Cisco Systems

150+

$293m

November 9, 2015

Elastica

Blue Coat Systems

188

$280m

September 8, 2015

Adallom

Microsoft

94

$250m*

July 30, 2015

Perspecsys

Blue Coat Systems

100

$44.7m

May 27, 2015

CirroSecure

Palo Alto Networks

10

$18m

March 31, 2015

Anicut Systems

CipherCloud

Fewer than 5

Not disclosed

February 6, 2014

Skyfence Networks

Imperva

20*

$60m

January 15, 2014

CloudUp Networks

CipherCloud

2

Not disclosed

September 26, 2013

SaaSID

Intermedia

20

Not disclosed

The CASB space is heating up: as CASBs mature and the market size increases, the deal values are ballooning. Enterprise firewall vendors like Check Point, Fortinet, Sonicwall, Sophos and WatchGuard that are waiting to either acquire an existing CASB or roll out their own solution are watching the window of opportunity beginning to close. Acquisitions will become unaffordable and their customers will either procure their own CASB or switch to a more holistic vendor.